Skip to content

Clear Windows Defender Antivirus exclusions with PowerShell

We like to remove Windows Defender Antivirus exclusions. The problem is that there are a lot of exclusions, and when we go to the Microsoft virus & threat protection settings, it takes a lot of time to remove them manually. That’s because you can’t select multiple exclusions and remove them. An excellent approach to remove Windows Defender exclusions is with PowerShell. So let’s look at the fastest way to clear Windows Defender Antivirus exclusions with PowerShell.

Microsoft Defender Antivirus

Microsoft Defender Antivirus (formerly Windows Defender) is Microsoft Windows virus and threat protection software. Microsoft Defender Antivirus is available in Windows 10, Windows 11, and in versions of Windows Server. It comes default with the Windows operating system. It can be run next to your non-Microsoft antivirus/antimalware product, in active mode, passive mode, and disabled mode.

When you go to the Windows Defender Antivirus exclusions, a list with all the exclusions shows up. Unfortunately, there is no select-all button or a checkbox to select the exclusions and remove them. Instead, there is only a Remove button for every exclusion.

Clear Microsoft Defender Antivirus exclusions with PowerShell list

Prepare clear Windows Defender Antivirus exclusions PowerShell script

Before you start, you want to place the files in the right place. We recommend creating two folders on the (C:) drive:

  • Scripts
  • Temp

Download and place Clear-WindowsDefenderExcl.ps1 PowerShell script in the C:\scripts folder. The script will export the logs to the C:\temp folder.

Ensure that the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.

Another option is to copy and paste the below code into Notepad. Give it the name Clear-WindowsDefenderExcl.ps1 and place it in the C:\scripts folder.

# PowerShell script to clear the ExclusionPath, ExclusionProcess, and ExclusionExtension
# associated with Windows Defender Antivirus

# Start transcript
$Logs = "C:\temp\Clear-WindowsDefenderExcl.txt"
Start-Transcript $Logs -Append -Force

# Get Windows Defender preferences
$x = Get-MpPreference

# Get exclusion path
if ($x.ExclusionPath -ne $NULL) {
    Write-Host("================================================")
    Write-Host("Removing the following ExclusionPath entries:")
    foreach ($i in $x.ExclusionPath) {
        Remove-MpPreference -ExclusionPath $i
        Write-Host($i)
    }
    Write-Host("================================================")
    Write-Host("Total ExclusionPath entries deleted:", $x.ExclusionPath.Count)
}
else {
    Write-Host("No ExclusionPath entries present. Skipping...")
}

# Get exclusion process
if ($x.ExclusionProcess -ne $NULL) {
    Write-Host("================================================")
    Write-Host("Removing the following ExclusionProcess entries:")
    foreach ($i in $x.ExclusionProcess) {
        Remove-MpPreference -ExclusionProcess $i
        Write-Host($i)
    }
    Write-Host("================================================")
    Write-Host("Total ExclusionProcess entries deleted:", $x.ExclusionProcess.Count)
}
else {
    Write-Host("No ExclusionProcess entries present. Skipping...")
}

# Get exclusion extension
if ($x.ExclusionExtension -ne $NULL) {
    Write-Host("================================================")
    Write-Host("Removing the following ExclusionExtension entries:")
    foreach ($i in $x.ExclusionExtension) {
        Remove-MpPreference -ExclusionExtension $i
        Write-Host($i)
    }
    Write-Host("================================================")
    Write-Host("Total ExclusionExtension entries deleted:", $x.ExclusionExtension.Count)
}
else {
    Write-Host("No ExclusionExtension entries present. Skipping...")
}

# Summary
Write-Host("================================================")
Write-Host("SUMMARY")
Write-Host($x.ExclusionPath.Count, "ExclusionPath entries deleted.")
Write-Host($x.ExclusionProcess.Count, "ExclusionProcess entries deleted.")
Write-Host($x.ExclusionProcess.Count, "ExclusionExtension entries deleted.")
Write-Host(($x.ExclusionPath.Count + $x.ExclusionProcess.Count + $x.ExclusionExtension.Count), "Total entries deleted")
Write-Host("")
Write-Host("Done.")
Stop-Transcript
  • Line 5: Edit the transcript log path

Run clear Windows Defender Antivirus exclusions PowerShell script

To clear Windows Defender Antivirus exclusions:

  1. Run PowerShell as administrator
  2. Change the path to the scripts folder
  3. Run the PowerShell script to remove all exclusions from Windows Defender Antivirus
  4. Wait till the PowerShell script completes
PS C:\> cd c:\scripts
PS C:\scripts> .\Clear-WindowsDefenderExcl.ps1

Note: The Windows PowerShell console will show a list of the deleted exclusions entries and a summary with the total count. Also, it will show the output in a log because a transcript is added to the PS script.

This is an example of what it looks like after running the Clear-WindowsDefenderExcl.ps1 PowerShell script.

Clear Microsoft Defender Antivirus exclusions with PowerShell PowerShell script

Verify Windows Defender Antivirus exclusions removal

You can always find the log output in the C:\temp folder and open the Clear-WindowsDefenderExcl.txt file.

Clear Microsoft Defender Antivirus exclusions with PowerShell transcript log

Verify that the script successfully removed all the exclusions from Windows Defender Antivirus.

Clear Microsoft Defender Antivirus exclusions with PowerShell empty exclusions

Disable Windows Defender

Suppose you want to disable or uninstall Windows Defender, read these articles:

Conclusion

You learned how to clear Windows Defender Antivirus exclusions with PowerShell. It’s much faster to remove all exclusions with PowerShell than manually removing them in the Graphic User Interface (GUI). Use the script and focus on other tasks.

Did you enjoy this article? You may also like Antivirus exclusions for Exchange Server. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has One Comment

  1. That PowerShell script was fantastic!
    Thank you.
    Given other people were suggesting a fresh install of the OS this was great.

Leave a Reply

Your email address will not be published. Required fields are marked *